Vector attacks: a new threat online

DDoS or ‘distributed denial of service’ is a type of attack where multiple compromised systems, often infected with a Trojan, are used to target a single system causing a ‘denial of service’ (DoS) attack. Photo: iStockphoto

Web application vectors can be seen across platforms. They can have a longer impact than merely causing network availability outages, which we see from infrastructure-related DDoS attacks. DDoS or ‘distributed denial of service’ is a type of attack where multiple compromised systems, often infected with a Trojan, are used to target a single system causing a ‘denial of service’ (DoS) attack.

Research firm Akamai’s latest online threat report suggests the top three attack vectors in Q1 2017 as seen in figure no. 1 are SQLi, LFI, and XSS. These attacks are more often than not against unprotected websites.

XSS peaked to 10% of all web application attacks, from 7% in the previous quarter. The top global source country for web application attacks in Q1 2017 is US with 117,978,342 attack sources, followed by Netherlands, Brazil, China, and Germany as shown in figure no. 2.

In global web application attacks, the US as source comprised 34% of web application attacks, up from 28% in the previous quarter. There has been a marked 4% drop in attacks in the Netherlands, from 17% to 13%.

In terms of Asia Pacific application attack source countries as shown in figure no 3, China has the highest number, with a global ranking of 4. India is at the 12th spot in global application attack source countries and in the Asia Pacific region it is at 2nd rank with 6,150,881 attacks.

US was the largest target of attack traffic, with Brazil in second place and UK on the third as shown in figure no. 4. Attacks in US were down by 9%, while Brazil had a nearly 46% increase in web application attacks, and UK had a 30% gain in attacks. China and Canada have fallen from top 10 lists this quarter, replaced by Spain and Singapore from the previous quarter. India was in the 8th position in terms of web application attacks witnessing 6.7 million attacks in this quarter.